- From: Rick <graham.rick@gmail.com>
- Date: Mon, 13 May 2013 17:01:47 -0400
- To: Mark Watson <watsonm@netflix.com>
- Cc: Brendan Aragorn <gloppius@yahoo.com>, public-restrictedmedia@w3.org
- Message-ID: <CAGDjS3dfCTjTgfXESzWgVw3fo0syB57BQ6eg+bvYCM6fc1he6Q@mail.gmail.com>
On Mon, May 13, 2013 at 4:50 PM, Mark Watson <watsonm@netflix.com> wrote: > > > On Mon, May 13, 2013 at 1:37 PM, Brendan Aragorn <gloppius@yahoo.com>wrote: > >> Mark, >> I emphatically trust my UA vendor, Mozilla. If by gatekeeper you mean >> that they are able to block or warn of CDMs they find untrustworthy I am >> quite satisfied. >> > > This is up to them. There is nothing in EME that says UAs have to provide > a plugin API enabling users to download and install arbitrary CDMs and I > hope that UAs will not do this. The EME will cause a proliferation of > plugins is one of the bigger myths that as been spread about the proposal. > The intention is to *get rid of* plugins. > > So, then, the only way a CDM would be usable in the HTMLMediaElement is if > the UA has explicitly chosen to provide support for it. I would also expect > them to allow the user to enable/disable it. Possibly they may want to ask > the user for permission the first time it runs for each origin. Again, it's > up to UA implementors, but some possible ways a UA could provide support > for a given CDM might be: > - the CDM is integrated directly into the UA and ships with the UA > executable > - the CDM is implemented in the platform and the UA uses public platform > APIs to access it > - the CDM is a separately downloadable software module that the UA vendor > has integrated with and vetted. The UA will only load and execute it if it > passes some kind of code integrity check. > > The last one is rather unsatisfactory, since it still looks and feels like > a plugin to the user, though it has the same properties as the first two. > It might be a path forward if there is some reason the CDM cannot ship with > the UA itself. > > >> As an aside I meant that I would be willing to adopt their software as >> soon as it has proven itself to be safe. I realize that noone can "prove" >> future action in the present. I merely meant that those with a history of >> respecting the rights of others are more likely to continue in such fashion. >> > > Fair enough. So do you agree, then, that putting DRM into the hands of the > UA vendors - who clearly have such a history - is better than proprietary > plugins or proliferation of native apps ? > > ...Mark > > >> >> ------------------------------ >> *From:* Mark Watson <watsonm@netflix.com> >> *To:* Brendan Aragorn <gloppius@yahoo.com> >> *Cc:* public-restrictedmedia@w3.org >> *Sent:* Monday, May 13, 2013 1:01 PM >> *Subject:* Re: Clarification >> >> [This one, too, should be on restricted media] >> >> On Mon, May 13, 2013 at 11:50 AM, Brendan Aragorn <gloppius@yahoo.com>wrote: >> >> Mr Adams brought to my attention that my posting was rather unclear, so >> I am replying to it here as well. >> >> Furthermore, the EME proposal addresses this risk by making the UA >> vendors the gatekeepers, unlike the current situations with plugins. [Note >> that if you don't trust your UA vendor you have bigger problems every time >> you access an Internet Banking site, for example]. >> >> >> I do not trust their software and so prefer my content on my dvd player >> where it cannot actively or unitntentionally harm me. >> >> >> See above, but of course it remains your choice to obtain the content on >> DVD. >> >> >> I also believe that open source operating systems should be supported, >> especially considering that a minor majority of the internet is running on >> them, and that most of the earths poulation cannot afford the proprietary >> ones. >> >> >> Linux support would be great. Microsoft is never going to support >> Silverlight on Linux so moving from Silverlight to EME at least offers some >> opportunity. Indeed, the first deployment of EME is on a Linux-based OS >> (ChromeOS). >> >> It seems that the things you want: better security/privacy protection and >> wider OS support are actually goals of EME, so I am not sure why you are >> opposed to it ? >> >> UA's gain a level of trust with me by publishing their source so that it can be vetted by the community at large. I don't trust them blindly. Publishing the source for CDM's would make it less threatening. I see no reason why this can't be done; ssh is open, and more secure for having published source. -- Rick
Received on Monday, 13 May 2013 21:02:14 UTC